��JFIF�����������$
�������������������������������������� ��� ������
�����
�
�����������
���
����d�d�����������7������������������������ ��
Viewing File: /usr/local/cpanel/scripts/securemysql
#!/usr/local/cpanel/3rdparty/bin/perl
# Copyright 2024 WebPros International, LLC
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited.
use strict;
use warnings;
use Getopt::Std;
use Cpanel::MysqlUtils::Check ();
use Cpanel::MysqlUtils::Secure ();
use Cpanel::SafeRun::Simple ();
use Cpanel::MysqlUtils::Connect ();
use Cpanel::MysqlUtils::MyCnf::Basic ();
use Cpanel::AdminBin::Serializer (); # PPI USE OK - loadConfig speed
use Cpanel::Config::LoadConfig (); # PPI USE OK - For MyCnf::Basic
use Cpanel::PwCache (); # PPI USE OK - For MyCnf::Basic
use Try::Tiny;
# Only run if executed by root
exit if ( $> != 0 );
# Don't run if MySQL is not used
exit if ( -e '/etc/securemysqldisable' || -e '/etc/mysqldisable' );
my $version = qq{0.3};
my $verbose = 1;
my $fast = 0;
my $help = 0;
my $actions = q{};
my %options;
getopts( 'qFha:', \%options );
if ( exists $options{'q'} ) {
$verbose = 0;
}
if ( exists $options{'F'} ) {
$fast = 1;
}
if ( exists $options{'h'} ) {
$help = 1;
}
if ( exists $options{'a'} ) {
$actions = $options{'a'};
if ( !defined $actions || $actions eq '' ) { $actions = 'all'; }
}
my @actions;
if ( $actions ne 'all' && $actions ne '' ) {
$actions =~ s{ [^a-z0-9,]+ }{}gxms;
@actions = split /,/, $actions;
}
my $actionsall = 0;
if ( $actions eq 'all' || grep m{ \A all \z }xms, @actions ) { $actionsall = 1; }
if ($actionsall) { print "Performing all actions.\n" if $verbose; }
my %actions = (
'removeanon' => $actionsall,
'removetestdb' => $actionsall,
'removelockntmp' => $actionsall,
'removeremoteroot' => $actionsall,
'chowndatadir' => $actionsall,
'removepublicgrants' => $actionsall,
);
foreach my $action (@actions) {
if ( exists $actions{$action} || $actionsall ) { $actions{$action} = 1; }
elsif ($verbose) { print "Invalid action $action ignored.\n"; }
}
$actions{'securemycnf'} = 1; # we always do this
if ( !-t STDOUT ) { $verbose = 0; }
if ( $help || ( $verbose && !$fast ) ) {
print <<"EOM";
securemysql $version
Options:
-q - Quiet execution
-F - Bypass the help message
-a - Specify additional actions (comma separated list), or blank for all
-h - Print this message and exit.
This script attempts to secure the MySQL configuration by doing the following:
(always executed) Ensure root password for MySQL is set.
(always executed) Changes ownership of /var/db/mysql or /var/lib/mysql to mysql
Additionally, the following actions can be specified:
[optional]
removeanon - Remove any anonymous users
removetestdb - Remove test database
removelockntmp - Remove global lock tables and create tmp table privileges from users
removeremoteroot - Remove remote root login
chowndatadir - Chown the mysql data directory to mysql:mysql
removepublicgrants - Removes insecure public grants on MariaDB 10.11 and later.
Examples:
./securemysql -q -F -a removeanon,removetestdb,removelockntmp,removeremoteroot
./securemysql -q -F -a "removeanon, removetestdb, removelockntmp"
EOM
exit if $help;
sleep 5;
}
if ( Cpanel::MysqlUtils::MyCnf::Basic::is_remote_mysql() ) {
print "Remote MySQL configured. Exiting.\n" if $verbose;
exit;
}
my $err;
my $dbh;
try {
$dbh = Cpanel::MysqlUtils::Connect::get_dbi_handle();
}
catch {
$err = $_;
};
if ( !$dbh ) {
my $ret = Cpanel::SafeRun::Simple::saferun( '/usr/local/cpanel/scripts/restartsrv_mysql', '--check' ) // '';
my $check_ok = $? == 0 ? 1 : 0;
if ( !$check_ok ) {
# This will force a password reset if password is wrong/blank
$check_ok = Cpanel::MysqlUtils::Check::check_mysql_password_works_or_reset();
if ( !$check_ok ) {
# Case 169937, if I die here it will show like an error on the main
# screen.
print "Mysql is not running: $ret: $err\n";
exit;
}
}
$dbh = Cpanel::MysqlUtils::Connect::get_dbi_handle();
}
if ( values %actions ) {
Cpanel::MysqlUtils::Secure::perform_secure_actions( $dbh, \%actions, $verbose );
}
Back to Directory
�������������������������������������nL+D�550�H�?Mx� ,D"v]qv;6*Zqn�)�ZP��0������������������������������!1 ��A� "#a$2Qr��������D8�a�Ri�[f�\mIykIw0�cu�FcRı?lO7к_f˓[C$殷WF<_W ԣs�KcëIzyQy���/_LK�ℂ;C�",pFA:�/]=H�� �~,ls/9�ć:[=/#f;�)x�{�ٛ�EQ )~� ���=𘙲r*2~ ��a��_V='��kumF��D}KYYC)({�*g&f�`툪r�y�`=^cJ.I]�(*`�wq���1�dđ#̩�͑0�;H]u搂@:~וKL� Ns��h�}OIR*8:2��!lDJVo(��3=M(z�Ȱ+i*NA�r6K�n�Sl�)!JJӁ* %�݉�?|D}d5:eP0R;{$X'xF@.ÊB {,W�J�uQ�ɲRI;9�QE�琯62fT.D�UJ���;*c��P��A\ILNj!J۱+�O\�͔]ޒ�SJȧc%AN��ol�ՎprULZԛe�r�E2=XDXg�VQe�ӓk��y�P�7U*omQIs,K`)6\�G3t?pgj�r�mۛجwluG��tf��h9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0���'G=i2N�+0e2�]]�9VT�P��O7h(F*�癈�'�=Q��V�ZDF,d߬~�TX
G[�`l�e69CR(!S2!P�
<0x�<������������������������!1��AQ "Raq�02Br���#S�CTb�����
?�Ζ"]mH�5WR7k.ۛ!}Q~+yԏz|@T20S~Kek�*zFf^2X*(@8�r?��CIuI|�֓>^ExLgN�UY+{.RѪ
τVYTD�I62'8Y2�7'\T�P�.6�d&˦@�Vqi�|8-�OΕ�]ʔ� U=��TL8=;6c�|���!qfF3a�ů�&~$l}'NWUs$Uk^SV��:U#�6w+�+s&r+nڐ��{@�29�g�L�
u"TÙ�M=6�(^"7r}�=6YݾlCuhquympǦ
�G�jhsǜNl�ɻ}o7�#S6aw�4!OS�rD�57�%|?x>L
|�/�nD6?/8w#[�)L7��+6〼T�ATg�!��%5�MmZ/c-{�1_Je"|�^$'O���&�ޱմ�Trb�$�w)R�$�&�
N1EtdU�3Uȉ1p�M"�N*(DN�y�d96.(jQ)X
5cQɎMyW�?��Q�*!R>6=7)Xj5`J]�e�8%t!+'!1Q�5���������� �������������!1��� AQ�aqё#2�"0BRb������?�G�t^�## .llQT $�v,,m��㵜5�ubV �=sY+@d�{N!�dnO<���.-B;�_wJt6�;Q�Jd.Qc%p{ 1,sND�dFH�I0Гo�Xш�e黅XۢF:)[�FGXƹ/w�_cMeD���,ʡcc.���WD�tA$�j@�:) -#�u
c1<@ۗ9F�)KJ-hpP]�_��x[qBlbp�ʖw� q"�L�FGd�ƶ*���s+�ډ_Zc"?�%�t[IP���6J]#=ɺVvv�CGsGh1� >)6�|ey?Lӣm,4GWUi`�]uJVoV�D�G�< SB�6ϏQ@ TiUly�OU0kfV~�~}�SZ@*WUU�i##;�s/[�=!�7}"��WN]'(L!��~y�5g9T̅JkbM'�+s:S� ��+�B)v@M��j
���e Cf�jE�0��Y\QnzG�1д~Wo{T�9?`�Rmyh�sy�3!HA�D]m�c1~2L���Su7xT;j$`}4->L#�vzŏ��ILS���֭��T��{�r��jGKC;��b�pU=�-`BsK.SFw4�Mq]ZdH�S0)tLg